GDPR

Version 1.2, Revision 6

The content below is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with legal and other professional counsel to determine exactly how the GDPR may or may not apply to you.

On May 25, 2018, the EU General Data Protection Regulation (GDPR) went into effect, bringing new global data protection rights for individuals in the European Union.

Rooster fully supports the privacy rights of our customers and our users and is fully GDPR-compliant. This page briefly explains what Rooster is doing to work towards GDPR compliance, as well as what you’ll need to do as a user or partner of Rooster.


Towards GDPR compliancy

To prepare for GDPR, Rooster has undertaken many phases of research and implemented a number of changes.

  • Policy & TOS updates. Rooster’s Privacy Policy and Terms of Service have been updated to reflect our compliance with GDPR and identify the information that we collect about our users, how we use that information and keep it safe. If you continue to use Rooster after we introduce new updates, it means you agree to the new policy.
  • Internal data audit. Rooster has reviewed all the data we collect, as well as the reasons for why we collect it. We also recognise that the protection of your data involves us so we are improving our internal controls around employee access to data and data security incidents.
  • Vendor audit. Since we use some third-party suppliers to make Rooster available, we are reviewing and negotiating these contracts with a view to ensuring that they comply with applicable laws, including GDPR. Where amendments to these agreements are required we are entering into Data Processing Agreements with our suppliers.
  • Data tooling. You can export and delete your data in Rooster on your account settings page. We recognize that it’s important for you to control your information so we are investing in features that will help you easily manage and access more of your data within Rooster. We will provide more information on these features as they become available.
  • Communication. We commit to documenting and sharing any pertinent changes with customers and partners. This includes emails and on the site itself, on our legal pages and in the blog.
  • Ongoing process changes. This includes revamping processes for how Rooster does customer support, builds product, reports on data, and works with applicants as we grow our team. Much of this will be in the form of internal documentation, training and processes as required by GDPR.

None of these steps are likely to impact the way you use Rooster day to day – you and all our many users will remain free to apply to or create jobs and manage your CVs anywhere!


Rooster’s role in GDPR compliance

It’s important to note that Rooster is acting both as a Data Controller in some cases described in our Privacy Policy and as a Data Processor within the realm of GDPR compliance:

As a Data Controller, you are responsible for safeguarding the data of your customers as they interact directly with services integrated with Rooster. As a Data Processor, Rooster is responsible for safeguarding the data of our partners’ and customers’ users as it flows through our system.


Customers’ and partners’ roles in GDPR compliance

As a Rooster customer or partner, you are a Data Controller and Rooster is acting as your Data Processor for your users. In this respect, you must take the following steps leading up to May 25, 2018:

  • Ensure your Terms of Service and/or Privacy Policy are up to date.
  • If you have customers in the EU or need to be GDPR compliant, your agreement to our terms of service will be sufficient as it contains relevant addendum.
  • Perform your own research, modeling, vendor audit, and strategy steps at your company to ensure you understand GDPR as it applies to your business.
  • Be thinking about how you’ll handle consent. You should use the platform to not trigger or work with users’ data without proper consent.
  • Watch for updates from Rooster related to product functionality or privacy and TOS changes.

Rooster’s vendors and sub-processors

Each of Rooster’s vendors and sub-processors will ensure compliance under the EU GDPR requirements. An audited minimum relevant set of data is shared with each vendor:

  • AWS: the bulk of user data is hosted in AWS.
  • Mailchimp: user data for email marketing is maintained in Mailchimp.
  • Intercom: user data for support purposes is maintained in Intercom.
  • Slack: user, applicant, employee and partner data is discussed in in Slack.
  • Google: user, applicant, employee and partner data is maintained in Google through products like Gmail, Drive or Google Analytics.
  • Notion: user, applicant, employee and partner data is maintained in Notion.
  • Nudgify: user data for analytics and marketing purposes is maintained in Nudigfy.

Any changes in vendors or sub-processers will be documented on this page.


Contact

For support on anything related to GDPR, including how to access, inspect, update and remove your personal information with respect to Rooster, please email us at [email protected].